Blog

The security landscape for Mac OS X is changing. It has been for some time, but every now and then, an event comes along that highlights it.

I am thoroughly disappointed with how tardy Apple can be with releasing security updates. Java has been one of the components most visibly neglected in terms of timely patches. The recent ‘Flashback’ trojan for OS X exploited old, well-known vulnerabilities in Java that Apple had failed to promptly patch.

Java on Lion is deprecated, and is no longer installed by default. However, some upgrades from Snow Leopard bring Java along with them, and some users have manually installed Java for compatibility with certain applications.

If you do not know that you need Java installed on your system, do not install it. That is the best way to mitigate any security threat that would try to leverage a Java vulnerability to get into your system.

On Lion, however, once Java is installed, it does not seem to be possible to completely remove it.

What you can do is change the permissions on the relevant files so that it is ‘neutered’ and cannot run at all.

How to Completely Disable Java for Lion

I don’t recommend you disable Java on Snow Leopard. It is part of the operating system there, not an optional add-on component. I have not tried this process on Snow Leopard. Proceed to disable Java like this at your own risk (even on Lion)!

While logged in as an administrator user, open Terminal from Applications > Utilities.

Type the following commands in, pressing Enter after each one. You might be asked for your password.

What these commands do is change the permissions mode to 000 on these Java files, meaning that no users have any permissions to even enter these folders, let alone read any files in them. This stops Java from running.

You can test that it is working, or, rather, not working, by now attempting to load Java Preferences in Applications > Utilities. You should be told that Java is not installed, and invited to install it. Click Not Now.

Re-enabling Java

If you suddenly find that actually you do need Java again, simply run the same commands in Terminal, but with the permissions mode 755 (the folder’s owner can read, write, and enter the directory, and everyone else can just read and enter the directory).
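The permission toggle described above, as an added example rather than the original post's commands: it applies mode 000 and then mode 755 to a constructed stand-in directory and verifies each change with `stat`. The function names and the temporary directory are assumptions made for illustration, and no real Java path is used. Root ignores permission bits, so mode 000 only locks out non-root processes.

```shell
#!/bin/sh
# Added example: the chmod 000 / 755 toggle on a constructed stand-in
# directory. No real Java path is used; substitute the paths yourself.

# Print a path's permission bits as three octal digits
# (GNU stat first, then the BSD/macOS form).
mode_of() {
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    printf '%03d\n' "$m"
}

# Mode 000: no user may list, read or enter the directory.
neuter_dir() {
    chmod 000 "$1" && [ "$(mode_of "$1")" = "000" ]
}

# Mode 755: owner has full access, everyone else may read and enter.
restore_dir() {
    chmod 755 "$1" && [ "$(mode_of "$1")" = "755" ]
}

# True if the current user can still list the directory.
can_enter() {
    ls "$1" >/dev/null 2>&1
}

# Run the toggle on a throwaway directory and report "<off> <on>" modes.
demo() {
    d=$(mktemp -d) || return 1          # constructed sample directory
    touch "$d/sample.jar"               # constructed sample file
    neuter_dir "$d" || return 1
    off=$(mode_of "$d")
    # Root bypasses permission bits, so only non-root users are locked out.
    if can_enter "$d"; then
        echo "uid $(id -u) can still enter (expected only for root)" >&2
    else
        echo "uid $(id -u) is locked out" >&2
    fi
    restore_dir "$d" || return 1
    on=$(mode_of "$d")
    rm -rf "$d"
    echo "$off $on"
}

demo
```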

Infected?

If you were unfortunate enough to be infected by Flashback (even if you did not type the Administrator password when it prompted), F-Secure has some instructions on its detection and removal. (Hat tip to @bldngnerd.)

Since version 10.3 of Flash Player for the Mac, there has been an automatic update feature for the plugin, as part of a System Preferences pane. Unfortunately, I have not had much luck with it actually doing updates automatically!

I have, then, found it necessary to either check for updates manually, or devise a custom script to do an automatic check for updates.

Based on this MacOSXHints post, here is the script I am using to keep Flash Player on Mac OS X up-to-date. Combined with an OS X LaunchAgent to check every two hours, this is an automatic update solution that actually is automatic!

Ever since updating my iPhone to iOS 5, I was unable to complete a sync.

It backed up fine (thankfully), it did the majority of the syncing, it just got to the last ‘stage’ of the process and hung there perpetually. I saw messages such as “Waiting for items to copy”, “Waiting for changes to be applied” and so on.

It wasn’t a complete showstopper, since I could sync the majority of content, make sure I was backed up, and then just cancel the sync at the last stage, but it was something that needed a fix.

I had read various threads on Apple Support Communities — it seems that many people are having this issue.

I get the impression that this symptom is caused by various syncing issues and that some solutions have worked for some people, and not for others. Bear this in mind — this solution worked for me, but it might not work in every case.

I believe I have now solved this problem on my iPhone.

Delete All Copies of Voice Memos

I deleted all of the synced Voice Memos in my iTunes library, then also went into the Voice Memos app on the iPhone and deleted each and every one there. Upon the next sync, the locking up at “Waiting for items to copy” did not happen, and the sync completed successfully.

This suggests that one of the causes for this issue is Voice Memos. If you are experiencing this issue, try backing up and removing all the Voice Memos from iTunes, removing them all from the Voice Memos app on the iPhone itself, then syncing again.

(The iPhone does still sync Genius Data each time it syncs, but this does complete successfully. Perhaps this is normal — I am not really sure!)

The recent release of Firefox 7 has brought with it several changes. One of these is that Firefox hides the ‘http://’ prefix in the URL bar by default.

For many people this is fine and probably a positive change, but geeks like myself may wish to restore the prefix. (I found it especially annoying when I copied a URL from the bar and the text pasted did include the ‘http://’, when the text I copied did not! I don’t like that kind of inconsistency!)

To restore the prefix, browse to about:config. Accept the warning, then search for browser.urlbar.trimURLs. When you find the setting, double-click on it to toggle it to false. The changes should take effect immediately.

Mark, Glenn Künzler of MacTrast.com and I discussed several post-WWDC topics, MacDefender and the Mac security landscape, iCloud and user control, the new iTunes Match and iTunes in the cloud features, the revamped ‘Apple Store 2.0’ experience, rumours about the Apple A5 chip in the MacBook Air and more.

Thanks again to Mark for inviting me on the show. Mark and Dennis are always looking for other contributors on their show, even if you are not a seasoned podcaster. Please do go over to the site or contact them via @YourMacNetwork on Twitter or by email if you think you might be interested.

I have actually been meaning to announce this here on my blog for quite some time, but just had never got around to it! Oops…

Anyway, I’m pleased to announce that I am now blogging for esteemed podcast For Mac Eyes Only’s new Articles section. This is a great opportunity for me to get back into more regular blogging (I hope! 😉 ), which is something I love doing — and it’s a great opportunity to share some of my Mac knowledge with others.

I have just released a new version of DfontSplitter for Mac. It is a bugfix-only release, containing a single fix for an issue that affected some non-English versions of Mac OS X.

New Features and Bugfixes

Fixed a bug where DfontSplitter would report valid files as not being in the correct format on some non-English versions of Mac OS X. File type detection is now done through uniform type identifiers, avoiding this issue.

Known Issues

Converting TTC files on Mac OS X Leopard (10.5) does sometimes run into problems, where the TTC splitting script can’t open the TTC file. The reason for this is currently unclear.

Moving TTF files that have been extracted from a .dfont over to Windows — please see this workaround.

Some Font Suitcase files may not contain TTF data that can be extracted.

Users of DfontSplitter for Mac should update their copy of the application by launching it, and choosing DfontSplitter > Check for Updates from the menu bar. Alternatively, you can always download a fresh copy from the DfontSplitter project page.

Since Snow Leopard, each new release of Mail.app (recently updated with 10.6.5 and now 10.6.7) and the Message.framework it depends on changes a ‘plugin compatibility’ UUID and suddenly breaks any plugins or extensions you have enabled in Mail.app. The developers of each extension have to update each and every one manually, and can’t do so before the new software from Apple is released.

If you can’t (be bothered to) wait for the updates from your plugin developers to arrive, however, and are confident that the plugin will work with the new version, you can hack said plugins and force them to be re-enabled inside Mail.app using the following method. Here I’ll be working with GrowlMail 1.1.2, but this should work for most Mail.app plugins.

A word of warning — not only does this involve editing the plugin’s files, which if you get it wrong could break that plugin and force you to download and install it again, it is possible that your plugin really isn’t compatible with the new version of Mail, in which case it could cause more serious problems. Back stuff up before trying this — you should be doing so anyway.

All the iOS devices — iPhone, iPod touch and iPad, are built around Cocoa Touch.

Snow Leopard brought 64-bit support to the Mac mainstream for Cocoa applications. Carbon applications are clearly on the way out and have been since the release of Leopard in 2007.

The third major release of iTunes since Leopard came out is still Carbon and still only 32-bit. (Perhaps an even greater irony is that there is a 64-bit Windows version of iTunes.)

Is this a bit of a nitpick? Probably. Does it really matter what the framework underneath iTunes is if it is being improved? Possibly not. Is iTunes a huge, vital part of Apple’s iPod/iPhone/iTunes Store infrastructure that they are naturally unwilling to make huge changes to? Absolutely.

But I really, really wanted iTunes 10 to be ‘iTunes X’ — not just another major release with some new features, but a drastic rewrite of the application (for the Mac anyway) in Cocoa. The app’s performance has been improved with recent versions, but iTunes is still the one application that ships with Macs that feels out of place — the interface is jarring and not fluid, the app frequently hangs for several seconds for no reason and there is ancient UI debris hanging around. (Those first two might be better with this release, I don’t know, but the Mac OS 9-style context menu cursor lives on.)